The MAILING DATE of this communication appears on the cover sheet with the correspondence address.
All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 

Identifying Indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
DETAILED ACTION

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 7/10/09 
has been entered. 

The instant application 10/598,509 is presented for examination by the examiner. 
Claims 1, 39, 41-44, 47-52, and 55 are pending as filed on 7/10/09. Claims 43, 48, 49
and 54 remain as filed by Applicant on 7/10/09. 



EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone 
conversation with David McKenzie, attorney of record, on 8-11-2009.

The application has been amended by replacing the claims as follows: 
1. A method for facilitating secure data communications using a secret key for
encrypting data flowing between first computing node comprising a processor and a memory and 
second computing node over a communications link, the method comprising: 

determining that the communications link has been idle for at least a predetermined 
period of time, the communications link intermittently fluctuating between idle and busy, the idle 
communication link having no secure data transmission within the at least a predetermined 
period of time; 

determining that there is secure data to flow over the idle communications link between 
the first computing node and the second computing node; and 

generating a new secret key on demand exclusively in response to determining that there 
is secure data to flow over the idle communications link and in response to determining that the 
communication link has been idle for at least the predetermined period of time, wherein the new 
secret key serves to encrypt the secure data sent between the first computing node and the second 
computing node over the communications link. 

39. A method performed at a first computing node comprising a processor and a 
memory for facilitating secure data communications by using a secret key for encrypting data 
flowing between said first computing node and a second computing node over a communications 
link, the method comprising: 

determining that the communications link has been idle for at least a predetermined 
period of time, the communications link intermittently fluctuating between idle and busy, the idle 
communication link having no secure data transmission within the at least a predetermined
period of time; 

determining that secure data is available for flow over the idle communications link 
between the first computing node and the second computing node; and 

generating a new secret key on demand before transmission over the idle communications 
link recommences, in response to a determination that secure data is available and a 
determination that the communications link has been idle for at least the predetermined period of 
time, the new secret key for use in encrypting at least part of the secure available data before the 
secure available data flows onto the communications link. 

41. The method of claim 39 including the additional steps of:

determining whether the amount of secure data sent over the communications link since 
the last generation of a secret key exceeds a predetermined amount threshold; and 

if the amount of secure data sent exceeds the predetermined amount threshold, initiating 
generation of a new secret key. 

42. The method of claim 39 including the additional steps of: 

sending a heartbeat message to the second computing node only if it is determined that 
the link has been idle for at least the predetermined period of time and that there is no secure data 
available for flow over the communications link; and 

monitoring the communications link for receipt of an acknowledgement from the second 
computing node. 
44. An apparatus for facilitating secure data communications by using a secret key to
encrypt data flowing over a communications link between the apparatus and a remote system, 
said apparatus comprising: 

a data detector for determining whether the communications link has been idle for at least 
a predetermined period of time using a timer, the communications link intermittently fluctuating 
between idle and busy, the idle communication link having no secure data transmission within 
the at least a predetermined period of time, the data detector determining that data is now 
available for flow to the remote system over the communications link; 

key generation logic for generating a new secret key on demand in response to 
determinations that the communications link has been idle for at least the predetermined period 
of time and there is secure data now available for flow to the remote system, the new secret key 
for use in encrypting at least part of the secure available data before the secure available data 
flows onto the communications link; and 

a byte measurer for determining whether the amount of secure data sent over the 
communications link has exceeded a predetermined amount threshold since the last generation of 
a secret key and 

wherein the key generation logic initiates generation of a new secret key if the 
determination is that the amount of secure data sent has exceeded the predetermined amount 
threshold. 
47. The apparatus of claim 44 further including a heartbeat issuer for sending a
heartbeat to the remote system if the data detector determines that the communications link has 
been idle but there is no secure data available for flow to the remote system over the 
communications link. 

50. A program product comprising a computer readable storage media embodying 
program instructions executed by a computer to facilitate secure data communications with a 
remote system by using a secret key for encrypting data flowing between the computer and the 
remote system over a communications link by: 

determining that the communications link has been idle for at least a predetermined 
period of time, the communications link intermittently fluctuating between idle and busy, the idle 
communication link having no secure data communication traffic within the at least a 
predetermined period of time; 

sending a heartbeat message to the remote system only if it is determined that the link has 
been idle for at least a predetermined period of time and that there is no secure data available for 
flow over the communications link; 

monitoring the communications link for receipt of an acknowledgement from the remote
system;

receiving the acknowledgement from the remote system within a predetermined period of
time;

determining that secure data is available for flow over the idle communications link from 
the computer to the remote system; 
detecting that a heartbeat flowed across the idle communications link; and
generating a new secret key on demand exclusively in response to a determination that 
secure data is available for flow over the idle communications link, detecting that a heartbeat 
flowed across the idle communications link, and receiving the acknowledgement from the 
remote system within the predetermined period of time, the new secret key for use in encrypting 
at least part of the secure available data before the secure available data flows onto the 
communications link, such that generation of a new secret key exclusively occurs when secure 
data is available for flow over the idle communications link. 

52. (Currently Amended) The program product of either claim 50 or claim 51
including additional program instructions for: 

determining whether the amount of secure data sent over the communications link since 
the last generation of a secret key exceeds a predetermined amount threshold; and 

initiating generation of a new secret key if the amount of secure data sent is determined to 
have exceeded the predetermined amount threshold. 
Response to Amendment

The present claim amendments overcome the previous claim objections and 112
rejections.

Reasons for Allowance 

The following is an examiner's statement of reasons for allowance: 
Applicant's arguments, filed 7/10/09, with respect to claims 1, 39, 44, and 50 
have been fully considered and are persuasive. 

The closest prior art of record fails to teach or suggest in combination with the 
other claimed limitations, "generating a new secret key on demand in response to 
determining that there is secure data to flow over an idle communication". The closest 
prior art, USP 6,795,555 to Parisien et al., hereinafter Parisien, discloses using idle time
to generate new keys. However, the claims are novel and unobvious because they
only generate a new key when the link has been idle of secure data and when there is
available data that needs to be secured. The claims' scope is such that keys are
generated on demand of new available data as opposed to just a periodic key refresh. All
of the independent claims have this limitation, with claim 1 being the broadest, and the 
others adding more conditions to the key generation. 
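
The trigger logic the claims describe (idle link plus waiting secure data, the byte threshold of claims 41 and 52, and the heartbeat of claims 42 and 47) can be sketched as below. This is an added illustration, not code from the application or the Office action; the class and function names, the os.urandom stand-in for key agreement, the constructed timeline, and the omission of the acknowledgement check of claim 50 are all assumptions.

```python
import os

class OnDemandRekeyLink:
    """Sender-side rekey policy; names and structure are illustrative."""

    def __init__(self, idle_timeout, byte_threshold, now=0.0):
        self.idle_timeout = idle_timeout      # "predetermined period of time"
        self.byte_threshold = byte_threshold  # "predetermined amount threshold"
        self.key = os.urandom(32)             # stand-in for real key agreement
        self.last_secure_tx = now
        self.bytes_since_rekey = 0
        self.log = []                         # (time, action) pairs

    def _rekey(self, now, reason):
        self.key = os.urandom(32)
        self.bytes_since_rekey = 0
        self.log.append((now, "rekey:" + reason))

    def tick(self, now, pending=b""):
        idle = now - self.last_secure_tx >= self.idle_timeout
        if not pending:
            # Idle with nothing to send: heartbeat only, never a new key.
            if idle:
                self.log.append((now, "heartbeat"))
            return
        if idle:
            # Idle AND secure data waiting: rekey before transmission resumes.
            self._rekey(now, "idle+data")
        self.log.append((now, "send"))        # encryption under self.key omitted
        self.last_secure_tx = now
        self.bytes_since_rekey += len(pending)
        if self.bytes_since_rekey > self.byte_threshold:
            self._rekey(now, "bytes")

def run(timeline, idle_timeout=30, byte_threshold=1000):
    link = OnDemandRekeyLink(idle_timeout, byte_threshold)
    for now, pending in timeline:
        link.tick(now, pending)
    return link.log

def periodic_rekey_times(end, period):
    # A plain timer-driven refresh, for comparison with the on-demand policy.
    return list(range(period, end + 1, period))

# Constructed timeline: (seconds, secure payload waiting to be sent).
TIMELINE = [(5, b"a" * 400), (10, b"b" * 400), (15, b"c" * 400),
            (50, b""), (90, b""), (100, b"d" * 100)]

if __name__ == "__main__":
    for entry in run(TIMELINE):
        print(entry)
```

On this timeline the on-demand policy generates two keys, neither during the quiet period, whereas a 30-second timer would generate three, two of them while no secure data was waiting.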



Allowable Subject Matter 

Claims 1, 39, 41-44, 47-52, and 55 are allowed. 
Any comments considered necessary by applicant must be submitted no later
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 
Conclusion

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is
(571) 270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am
- 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on 571-272-7589. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/M. R. V./ 

Examiner, Art Unit 2431 



/William R. Korzuch/ 

Supervisory Patent Examiner, Art Unit 2431 